650x + multiple VLANs + l2trace on non-mgmt VLAN

I give up I have a 6506, running hybrid, with switching and inter-VLAN
routing enabled, and multiple VLANs defined. I cannot figure out how to
run l2trace for systems belonging to other VLANs than the management one
(in an attempt to identify the port where a specific IP addressed system
is, which is not in the management VLAN).

I assume (?!?) that is because I am remotely logged into the management
VLAN and thus any attempts to identify the MAC of another VLAN system
failing: e.g.

my_switch> l2trace 172.30.0.1 172.30.0.5
Cannot find the corresponding MAC address for the source IP address
172.30.0.1. l2trace aborted.

-- where the mgmt VLAN interface I am logged in "through" being on
172.20.0.1

but the question is: how do I get access to those other VLANs, to be able
to l2trace IPs or MACs?!? I guess the question could be further
expanded (excluding the l2tracee mechanism): how do I find out the
ports where systems with a specific IP are plugged in, if those systems
belong to another VLAN than the management (and obviously I do NOT know
their MACs!!!)?!? Any ideas?!?

NOTE: I need - further - to span that port to another system which I just
placed in the same VLAN, for debugging purposes (but I think that part
would be easier?!?).


In article <4287580c$0$28853$>,
papi <> wrote:
:I give up I have a 6506, running hybrid, with switching and inter-VLAN
:routing enabled, and multiple VLANs defined. I cannot figure out how to
:run l2trace for systems belonging to other VLANs than the management one

I do not know anything about l2trace, but if it uses SNMP, then
you need to use SNMP "community indexing" or "snmp contexts"


On Sun, 15 May 2005 17:02:58 +0000, Walter Roberson wrote:
> In article <4287580c$0$28853$>,
> papi <> wrote:
> :I give up I have a 6506, running hybrid, with switching and inter-VLAN
> :routing enabled, and multiple VLANs defined. I cannot figure out how to
> :run l2trace for systems belonging to other VLANs than the management one
>
> I do not know anything about l2trace, but if it uses SNMP, then
> you need to use SNMP "community indexing" or "snmp contexts"
>
> ftp://ftp.cisco.com/pub/mibs/supportlists/wsc6509/wsc6509-communityIndexing.html

Thank you for your answer - I am not sure what would be the syntax for
snmpwalk, though, in such a case:

$ sudo snmpwalk -v 1 -c public@vlan-<whatever> <IP-of-switch>

does not seem to work (with public@<> with or without quotes)?!?

NOTE: Your response gave me an idea, though, so I snmpwalked the switch,
looking for the IP, i.e.:

$ sudo snmpwalk -v 1 -c public <my_switch_IP> |grep <"the"-IP>

thus obtaining the MAC, then telnet-ed into the switch and ran across
the dynamic CAM table, i.e.:

my_switch>show cam dynamic <my_vlan> | include <MAC-address>

and got the answer ... Hmmm - but I would love to automate this, somehow,
so the proper syntax to what you were suggesting may be the only "clean"
way.

On 15.05.2005 16:15 papi wrote
> I give up I have a 6506, running hybrid, with switching and inter-VLAN
> routing enabled, and multiple VLANs defined. I cannot figure out how to
> run l2trace for systems belonging to other VLANs than the management one
> (in an attempt to identify the port where a specific IP addressed system
> is, which is not in the management VLAN).
>
> I assume (?!?) that is because I am remotely logged into the management
> VLAN and thus any attempts to identify the MAC of another VLAN system
> failing: e.g.
>
> my_switch> l2trace 172.30.0.1 172.30.0.5
> Cannot find the corresponding MAC address for the source IP address
> 172.30.0.1. l2trace aborted.
>
> -- where the mgmt VLAN interface I am logged in "through" being on
> 172.20.0.1
>
> but the question is: how do I get access to those other VLANs, to be able
> to l2trace IPs or MACs?!? I guess the question could be further
> expanded (excluding the l2tracee mechanism): how do I find out the
> ports where systems with a specific IP are plugged in, if those systems
> belong to another VLAN than the management (and obviously I do NOT know
> their MACs!!!)?!? Any ideas?!?
>

Hi,

l2trace will only be successful for those MAC addresses which are in
your CAM table. So try to l2trace between two MAC addresses first. afaik
l2trace also uses CDP.

On Sun, 15 May 2005 20:21:32 +0200, Arnold Nipper wrote:
> On 15.05.2005 16:15 papi wrote
>
>> I give up I have a 6506, running hybrid, with switching and inter-VLAN
>> routing enabled, and multiple VLANs defined. I cannot figure out how to
>> run l2trace for systems belonging to other VLANs than the management one
>> (in an attempt to identify the port where a specific IP addressed system
>> is, which is not in the management VLAN).
>>
>> I assume (?!?) that is because I am remotely logged into the management
>> VLAN and thus any attempts to identify the MAC of another VLAN system
>> failing: e.g.
>>
>> my_switch> l2trace 172.30.0.1 172.30.0.5
>> Cannot find the corresponding MAC address for the source IP address
>> 172.30.0.1. l2trace aborted.
>>
>> -- where the mgmt VLAN interface I am logged in "through" being on
>> 172.20.0.1
>>
>> but the question is: how do I get access to those other VLANs, to be able
>> to l2trace IPs or MACs?!? I guess the question could be further
>> expanded (excluding the l2tracee mechanism): how do I find out the
>> ports where systems with a specific IP are plugged in, if those systems
>> belong to another VLAN than the management (and obviously I do NOT know
>> their MACs!!!)?!? Any ideas?!?
>>
>
> Hi,
>
> l2trace will only be successful for those MAC addresses which are in
> your CAM table. So try to l2trace between two MAC addresses first. afaik
> l2trace also uses CDP.
>
> Arnold

Thank you

See my other follow-up, regarding snmpwalk-ing the whole deal. I think
that there is an issue with where from you're trying to l2trace (different
VLAN may not show what's needed, while a combination of snmpwalk and cam
table lookup may provide the answer).

On the other observation - I had great hopes about a tool with CDP
capabilities, for obvious reasons (not having to manually traverse
switches, when a specific MAC is found across a trunk interface) ... but
that is another deal, altogether.

Guest

PAPI,

STEP 1: ping the destination IP so your router knows about it and you
know its live
STEP 2: (Using Net-SNMP) 'snmpwalk -c <COMMSTRING> <router IP address>
ipNetToPhysAddress'
- this will return all the MAC-to-IP resolutions your router knows
of
STEP 3: On the switch, 'show cam dyn <MAC of target IP>'
- this will show you the port (or trunk) the MAC has been learned
through

That simple. True, if you have multiple switches and it is not
practical to issue the 'show cam ...' command on each of them, then you
can do as someone else in this thread suggested and use Cisco's SNMP
community indexing. But there is a lot more to it than that. You would
have to:
1) retrieve all MACs from all VLANs on each switch - dot1dTpFdbAddress
retrieves them in HEX to Decimal table form.
2) get the decimal MAC to "Bridge Port Identifier" translation. This is
an arbitrary # assigned to each decimal MAC - dot1dTpFdbPort.
3) get the "basePortIfIndex" to ifIndex translation. This translates
the arbitrary (or dynamic, if you prefer) # assigned to each MAC in a
VLAN to the arbitrarily (dynamically) assigned # to each port in the
switch - dot1dBasePortIfIndex
4) From here, you get the ifIndex to switch port name translation via
portName or locIfDescr (depending on how old your equipment is).

.... and there you go. If you are going to go this far into it, then it
also might help to weed out your trunk ports somewhere in the steps
below (cause the machine you are searching for would never be attached
to a trunk port, of course).

.... and, once you get this far and you have the ifIndex to port name
mappings, then you can get a whole flood of info; any table that is
associated with ifIndex will now be easily understood, retrievable,
etc.

Give me a good NMS job and I will write you a million dollar app!
Dan
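Dan's four steps chained together, as an added example that is not code from this thread or from Cisco. It works on snmpwalk text exactly as Net-SNMP prints it, so the same parsing applies whether the walks are piped in from a live run (one `snmpwalk -v 1 -c public@<vlan> <switch>` BRIDGE-MIB walk per VLAN, using the community-indexing form from the Cisco page Walter linked, plus one `ipNetToMediaPhysAddress` walk against the router) or, as here, constructed inline. All three walks below are constructed sample data; `ifName` stands in for the portName/locIfDescr tables Dan mentions, and the set of trunk ifIndexes is an assumption you would populate from your own switch (for example from the trunk table) so a MAC learned across an uplink is reported as "behind a trunk" rather than as a host port.

```python
# Added example, not from the thread: IP -> MAC -> bridge port -> ifIndex -> port name,
# over snmpwalk output. All walks below are CONSTRUCTED sample data. Per-VLAN walks
# are keyed by the community string a script would pass to `snmpwalk -c`, in Cisco's
# community-indexing form "public@30" (community public, VLAN 30). ifName stands in
# for portName/locIfDescr; TRUNK_IFINDEXES is an assumption about this sample switch.
import re

WALK_LINE = re.compile(r"^(\S+) = (?:[\w-]+): ?(.*)$")

# Numeric prefixes, as Net-SNMP prints them when BRIDGE-MIB is not loaded.
TP_FDB_PORT = "SNMPv2-SMI::mib-2.17.4.3.1.2."        # dot1dTpFdbPort, index = MAC as 6 decimal octets
BASE_PORT_IFINDEX = "SNMPv2-SMI::mib-2.17.1.4.1.2."  # dot1dBasePortIfIndex, index = bridge port
NET_TO_MEDIA = "IP-MIB::ipNetToMediaPhysAddress."    # index = ifIndex.a.b.c.d
IF_NAME = "IF-MIB::ifName."                          # index = ifIndex

# Router ARP cache, IP -> MAC (constructed; both value formats Net-SNMP uses).
ARP_WALK = """\
IP-MIB::ipNetToMediaPhysAddress.30.172.30.0.5 = STRING: 0:11:22:33:44:55
IP-MIB::ipNetToMediaPhysAddress.30.172.30.0.9 = STRING: 0:11:22:33:44:66
IP-MIB::ipNetToMediaPhysAddress.20.172.20.0.7 = Hex-STRING: 00 AA BB CC DD EE
"""

# One BRIDGE-MIB walk per VLAN on the switch (constructed).
BRIDGE_WALKS = {
    "public@30": """\
SNMPv2-SMI::mib-2.17.4.3.1.2.0.17.34.51.68.85 = INTEGER: 7
SNMPv2-SMI::mib-2.17.4.3.1.2.0.17.34.51.68.102 = INTEGER: 49
SNMPv2-SMI::mib-2.17.1.4.1.2.7 = INTEGER: 12
SNMPv2-SMI::mib-2.17.1.4.1.2.49 = INTEGER: 65
""",
    "public@20": """\
SNMPv2-SMI::mib-2.17.4.3.1.2.0.170.187.204.221.238 = INTEGER: 3
SNMPv2-SMI::mib-2.17.1.4.1.2.3 = INTEGER: 8
""",
}

# ifIndex -> port name (constructed); ifIndex 65 (port 5/1) is the uplink trunk.
IFNAME_WALK = """\
IF-MIB::ifName.8 = STRING: 3/1
IF-MIB::ifName.12 = STRING: 3/5
IF-MIB::ifName.65 = STRING: 5/1
"""
TRUNK_IFINDEXES = {65}

def parse_walk(text):
    """snmpwalk lines -> {oid: value}; anything not 'oid = TYPE: value' is skipped."""
    table = {}
    for line in text.splitlines():
        m = WALK_LINE.match(line.strip())
        if m:
            table[m.group(1)] = m.group(2)
    return table

def normalize_mac(value):
    """Accept '0:11:22:33:44:55' or Hex-STRING '00 11 22 33 44 55'; return lowercase xx:xx:.."""
    parts = re.split(r"[:\s]+", value.strip())
    if len(parts) != 6:
        raise ValueError("not a MAC address: %r" % value)
    return ":".join("%02x" % int(p, 16) for p in parts)

def mac_to_index(mac):
    """dot1dTpFdbPort index form: the six octets in decimal, e.g. '0.17.34.51.68.85'."""
    return ".".join(str(int(octet, 16)) for octet in mac.split(":"))

def arp_mac(arp_walk, ip):
    """Step 2: MAC for ip from the router's ipNetToMediaPhysAddress, or None if unseen."""
    suffix = "." + ip
    for oid, value in parse_walk(arp_walk).items():
        if oid.startswith(NET_TO_MEDIA) and oid.endswith(suffix):
            return normalize_mac(value)
    return None

def locate_mac(mac, bridge_walks, ifname_walk, trunk_ifindexes):
    """Steps 1-4 per VLAN: MAC -> bridge port -> ifIndex -> port name; flag trunk hits."""
    ifnames = {oid[len(IF_NAME):]: name
               for oid, name in parse_walk(ifname_walk).items() if oid.startswith(IF_NAME)}
    hits = []
    for community, text in bridge_walks.items():
        vlan = community.split("@", 1)[1]          # "public@30" -> "30"
        table = parse_walk(text)
        bridge_port = table.get(TP_FDB_PORT + mac_to_index(mac))
        if bridge_port is None:
            continue                               # MAC not learned in this VLAN
        ifindex = table.get(BASE_PORT_IFINDEX + bridge_port)
        if ifindex is None:
            continue
        hits.append({"vlan": vlan, "ifindex": int(ifindex), "port": ifnames.get(ifindex),
                     "trunk": int(ifindex) in trunk_ifindexes})
    return hits

def find_port(ip, arp_walk=ARP_WALK, bridge_walks=BRIDGE_WALKS,
              ifname_walk=IFNAME_WALK, trunk_ifindexes=TRUNK_IFINDEXES):
    """IP -> edge port. None if the router has no ARP entry (ping the host first, step 1)."""
    mac = arp_mac(arp_walk, ip)
    if mac is None:
        return None
    hits = locate_mac(mac, bridge_walks, ifname_walk, trunk_ifindexes)
    edge = [h for h in hits if not h["trunk"]]
    first = edge[0] if edge else {"vlan": None, "ifindex": None, "port": None}
    return {"mac": mac, "vlan": first["vlan"], "ifindex": first["ifindex"], "port": first["port"],
            # seen only behind a trunk: repeat the lookup on the neighbour switch
            "trunks": [h["port"] for h in hits if h["trunk"]]}

if __name__ == "__main__":
    for target in ("172.30.0.5", "172.30.0.9", "172.30.0.1"):
        print(target, find_port(target))
```

In the sample, 172.30.0.5 resolves to port 3/5 in VLAN 30, 172.30.0.9 is known only via trunk 5/1 (so the search continues on the switch at the other end of that trunk), and 172.30.0.1 has no ARP entry, which is the "ping it first" case. Two practitioner caveats: the dot1dTpFdbPort index is the MAC in decimal, not hex, which is why the conversion helper exists; and SNMPv1/v2c community strings cross the wire in cleartext, so the community used for these walks should be read-only and restricted by an access list on the switch.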

papi wrote:
> On Sun, 15 May 2005 20:21:32 +0200, Arnold Nipper wrote:
>
> > On 15.05.2005 16:15 papi wrote
> >
> >> I give up I have a 6506, running hybrid, with switching and inter-VLAN
> >> routing enabled, and multiple VLANs defined. I cannot figure out how to
> >> run l2trace for systems belonging to other VLANs than the management one
> >> (in an attempt to identify the port where a specific IP addressed system
> >> is, which is not in the management VLAN).
> >>
> >> I assume (?!?) that is because I am remotely logged into the management
> >> VLAN and thus any attempts to identify the MAC of another VLAN system
> >> failing: e.g.
> >>
> >> my_switch> l2trace 172.30.0.1 172.30.0.5
> >> Cannot find the corresponding MAC address for the source IP address
> >> 172.30.0.1. l2trace aborted.
> >>
> >> -- where the mgmt VLAN interface I am logged in "through" being on
> >> 172.20.0.1
> >>
> >> but the question is: how do I get access to those other VLANs, to be able
> >> to l2trace IPs or MACs?!? I guess the question could be further
> >> expanded (excluding the l2tracee mechanism): how do I find out the
> >> ports where systems with a specific IP are plugged in, if those systems
> >> belong to another VLAN than the management (and obviously I do NOT know
> >> their MACs!!!)?!? Any ideas?!?
> >>
> >
> > Hi,
> >
> > l2trace will only be successful for those MAC addresses which are in
> > your CAM table. So try to l2trace between two MAC addresses first. afaik
> > l2trace also uses CDP.
> >
> > Arnold
>
> Thank you
>
> See my other follow-up, regarding snmpwalk-ing the whole deal. I think
> that there is an issue with where from you're trying to l2trace (different
> VLAN may not show what's needed, while a combination of snmpwalk and cam
> table lookup may provide the answer).
>
> On the other observation - I had great hopes about a tool with CDP
> capabilities, for obvious reasons (not having to manually traverse
> switches, when a specific MAC is found across a trunk interface) ... but
> that is another deal, altogether.
>
> papi

Very good suggestions - all - I've mentioned part of those in the other
thread of "replies-to-answers", to my original posting. There are multiple
ways to "skin a cat", but none with immediately useful results - a bunch
of sed and awk one-liners, with SNMP, should give the desired output. I
also like the "|" capability (regex) of Cisco CLI, BUT - all in all - I
was interested in making l2trace work, though ...

thanks again for all answers,
papi

P.S.: it is ipNetToMediaPhysAddress, not ipNetToPhysAddress

On Sun, 15 May 2005 12:22:58 -0700, dmcollin wrote:
> PAPI,
>
> STEP 1: ping the destination IP so your router knows about it and you
> know its live
> STEP 2: (Using Net-SNMP) 'snmpwalk -c <COMMSTRING> <router IP address>
> ipNetToPhysAddress'
> - this will return all the MAC-to-IP resolutions your router knows
> of
> STEP 3: On the switch, 'show cam dyn <MAC of target IP>'
> - this will show you the port (or trunk) the MAC has been learned
> through
<snip>
